Phishing Campaign Exploits NinjaOne RMM to Target Brazilian Organizations

A phishing campaign is leveraging a legitimate NinjaOne Remote Monitoring and Management (RMM) agent to gain unauthorized remote access to Brazilian organizations. Attackers are using social engineering tactics in Portuguese to trick employees in finance, procurement, and administrative roles into installing the software. This method allows the attackers to bypass traditional malware detection, as no bespoke malware is deployed. The operation has been confirmed to be active as of June 12, 2026, affecting multiple organizations across Brazil. The attackers exploit familiar business workflows, making the campaign particularly insidious. No specific numbers of affected organizations or individuals have been disclosed in the articles. The current status indicates ongoing exploitation without immediate resolution. Organizations are advised to remain vigilant against such phishing attempts.

Key Points: • Attackers exploit NinjaOne RMM software to gain remote access without traditional malware. • The campaign targets Brazilian organizations using Portuguese-language social engineering. • No specific numbers of affected organizations have been disclosed, indicating widespread risk.